Posted by: David Harley | December 16, 2018

Normal service suspended indefinitely

For the present, I’m not working in the security industry, so I shan’t be maintaining this blog, though I’ll keep it intact for the present in case people still find some use for what’s here.

I don’t plan to look for another security job at present, but never say never: this site might just surprise you. 🙂

Apologies for the suddenness of the decision.

David Harley

Posted by: David Harley | December 11, 2018

WebKit vulnerability affecting Safari et al

Bleeping Computer: WebKit Vulnerability Affects Latest Versions of Apple Safari

“A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple’s Safari, along with other apps on macOS, iOS, and Linux.”

David Harley

Posted by: David Harley | December 10, 2018

Apple updates 10th December 2018

Apologies for the continuing silence from this page, due to bereavement and personal illness. I still don’t have much time to give to this project at the moment, but here are a few ‘catch-ups’.

David Harley

Posted by: David Harley | November 17, 2018

Apple and Android updates 17th November 2018

Bleeping Computer: iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo – “iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 all fell at the hands of hackers that found bugs in various components and crafted exploits that allowed complete take over of the targeted device.”


 for ESET: Google’s data charts path to avoiding malware on Android
“How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers”


Cyberscoop: Apple’s new security chip kills access to microphone – “In a security pamphlet released after Apple’s press event on Tuesday, the company revealed that the chip will completely cut off access to the device’s microphone when the MacBook lid is shut.”


The Register: Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let ’em have it – “And Apple fixes Watch-killing security patch of its own”


Graham Cluley for BitDefender: Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe

John E. Dunn for Sophos: Another day, another update, another iPhone lock screen bypass


Sophos: Update now! Apple releases security fixes for iOS, MacOS, Safari, others


Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”

David Harley

Posted by: David Harley | October 26, 2018

More on the Bloomberg claims

I’ve often taken issue with Cylance (and other so-called next-generation vendors) over its misleading claims about mainstream detection techniques. However, the company has published some discussion among its own researchers regarding Bloomberg’s claims about supply-chain security issues relating to Apple and other big US companies, and several good points are made therein. Worth reading.

Around the Watercooler: Bloomberg “Big Hack” Edition

David Harley
